S4E

CVE-2024-26331 Scanner

CVE-2024-26331 scanner - Unauthorized Admin Access vulnerability in ReCrystallize Server


Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -

ReCrystallize Server is used for managing and distributing Crystal Reports on a network. It is commonly deployed by organizations needing robust reporting capabilities. IT administrators and developers use it to ensure reports are available to end-users. The software integrates with various data sources, providing dynamic report generation. Its web-based interface facilitates easy access and management of reports.

This vulnerability allows an attacker to bypass authentication by manipulating the 'AdminUsername' cookie. By setting this cookie, an attacker can gain administrative access to the application. This grants full control over the system, including the ability to modify configurations and access sensitive information. The vulnerability exists even if the default password is changed.

The vulnerability lies in the ReCrystallize Server's handling of the 'AdminUsername' cookie. An attacker can set this cookie to 'admin' and send a GET request to '/Admin/Admin.aspx'. The server trusts the cookie value instead of properly validating an authentication token, so the administrative interface is served. The presence of specific keywords such as "ReCrystallize Server Administration" in the response confirms that the administrative page was reached. This endpoint is crucial for administrative functions, making the flaw a significant security risk.

Exploiting this vulnerability allows attackers to take full control of the ReCrystallize Server. They can access and modify sensitive configurations and data. Unauthorized administrative access can lead to data breaches, service disruptions, and potential loss of data integrity. Malicious actors can also leverage this access to launch further attacks on the network.
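As an added example, not part of this page or of S4E's scanner, the following Python check lets an asset owner review IIS W3C logs for the pattern described above: successful requests to /Admin/Admin.aspx that carried an AdminUsername cookie. It assumes the cs(Cookie) field is enabled in IIS logging; the sample log lines and the trusted-IP list are constructed for illustration.

```python
# Constructed sample of an IIS W3C log with the cs(Cookie) field enabled (not a real capture).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2024-05-01 09:58:12 10.0.0.5 GET /Default.aspx 200 -
2024-05-01 09:59:40 10.0.0.5 GET /Admin/Admin.aspx 200 AdminUsername=admin;+ASP.NET_SessionId=2f9c1
2024-05-01 10:03:07 203.0.113.9 GET /Admin/Admin.aspx 200 AdminUsername=admin
2024-05-01 10:03:09 203.0.113.9 GET /admin/admin.aspx 200 AdminUsername=Admin
2024-05-01 10:05:51 198.51.100.23 GET /Admin/Admin.aspx 302 -
"""

ADMIN_PATH = "/admin/admin.aspx"   # compared case-insensitively; IIS paths are not case sensitive
COOKIE_NAME = "adminusername"      # the cookie named in the advisory, lower-cased for comparison


def parse_w3c(text):
    """Yield one dict per log entry, taking column names from the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def cookie_names(raw):
    """Split an IIS-encoded cookie field ('+' stands for a space) into lower-cased cookie names."""
    if raw in ("", "-"):
        return set()
    names = set()
    for pair in raw.replace("+", " ").split(";"):
        name = pair.strip().split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def find_cookie_admin_hits(text, trusted_ips=frozenset()):
    """Return (timestamp, client ip, status) for admin-page hits that presented the cookie.

    trusted_ips is an assumed allowlist of known administrator addresses; everything else
    that reached the admin page with an AdminUsername cookie is reported for review."""
    hits = []
    for e in parse_w3c(text):
        if e.get("cs-uri-stem", "").lower() != ADMIN_PATH:
            continue
        if COOKIE_NAME not in cookie_names(e.get("cs(Cookie)", "-")):
            continue
        if e.get("sc-status") != "200" or e.get("c-ip") in trusted_ips:
            continue
        hits.append((e["date"] + " " + e["time"], e["c-ip"], e["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_cookie_admin_hits(SAMPLE_LOG, trusted_ips={"10.0.0.5"}):
        print("admin page served with AdminUsername cookie:", *hit)
```

Because a legitimately logged-in administrator may also carry the cookie, the allowlist keeps the output focused on unexpected source addresses rather than every admin visit.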

Join the S4E platform to secure your digital assets with our comprehensive vulnerability scanning service. Our platform offers detailed reports and remediation steps to protect your systems from threats like unauthorized admin access. Benefit from continuous monitoring and expert guidance to maintain a robust security posture. Sign up today to safeguard your infrastructure against emerging vulnerabilities.
